[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: arp table overflow due to windows worm (resolved)

Thank you guys so much. It's resolved. The problem was indeed that my default route was via the external IP of my firewall so that it tried to resolve all IPs to mac addresses. Raising the arp cache to 2^16 worked as a hot fix.

In my defense: When I started working here I did inquire about the gateway to use and I was told I don't need one. I thought that odd back then but didn't realize the implications of this. And it did work for quite a while. Until now that is.

Now I've got a proper gateway entry that's outside of my net in a neighbouring /24 subnet and I reduced the arp cache size to 1024 again. And even though I can see 5 infected machine blasting through the network right now everything works fine.

Cheers, Ben

Reply to: